(CLOSED) Zentyal and FreeNAS LDAP setup

[daniellench]

Ok kids, I've figured it out. There were a few things I kept getting hung up on. This works for me:

Setup your Zentyal box

During the initial install i chose DHCP. DON'T DO THAT

Configure you're static IP for the server, PLEASE GO STATIC DURING THE INITIAL INSTALL NOT AFTER. Enter your information, gateway, dns etc... correctly during the setup.

I then choose the Office setup and accepted the changes, reboot updated.
Make sure your modules are enabled under "Core > Module Status" in the Zentyal web interface. Need to at least have "Users and Groups" and "File Sharing" do be able to use LDAP

Change the firewall "Gateway > Firewall > Packet Filter" "Filtering rules from internal networks to Zentyal" and edit LDAP changing it to "ACCEPT" so you can bind to the LDAP in zentyal on port 390 and browse users.

Make a few users so we can check that we are binding later. You can delete the user after things are working if you like.

Go to "Office > Users and Groups > LDAP Settings" and leave this page open. This is the info you will need in the FreeNAS box


Setup your FreeNAS 8.3+ box

Nothing special here just go to services after install, click on the wrench next to LDAP to configure it.

Hostname: 10.0.0.10:390 (enter the ip address of the Zentyal box and the port 390)
BaseDN: from the LDAP Settings page in Zentyal
Allow Anonymous Binding: Unchecked
Root bind DN: from the LDAP Settings page in Zentyal
Root bind password: from the LDAP Settings page in Zentyal
Password encryption: clear
User Suffix: ou=Users
Group Suffix: ou-Groups
Password Suffix: leave blank
Machine Suffix: leave blank
Encryption Mode: Off
Self signed certificate: not needed
Auxiliary Parameters: defaults from FreeNAS are fine

Click OK,
and enable the LDAP service. If it starts then all should be good. if not, check your IP and port numbers.

Click on "Shell" in the menu of FreeNAS and type

Code: [Select]

getent passwd
Look for the users you made in the Zentyal box. If you see them than everything should be ok with LDAP now.

make your shares and turn on your sharing services and then test that you can browse to them.

best,
dan

[ichat]

so you finaly fixed it.??


what i dont get is what could cause  dhcp to  screw this setup over... 
unless you also checked [wan]  it shouldn't make a diference 

i for example have a firewall setup that provided  static leases to each of my servers,  just so when i reinstall dont have to concider what  its ip was supposed to be... 

bottom line:  if ever you find out why it happend (or anyone else does),  be sure to add it to the thread...

[argais]

Thanks for this post. I am about to make that exact same setup so I'm sure this will be helpful!

[B0UJI]

Cheers for this I was definitely thinking of making a setup like this!

[christian]

Nice "HowTo"! Thank you.

Still there is a couple of detail I'd like to add for the completeness of the understanding 

- You should specify Zentyal version. Does this work the same for 2.2 and 3.0 ?
- why is file sharing mandatory ? For what I understand from your "HowTo", you don't use it. What does it bring ?
- Be cautious with LDAP account you use to access LDAP server. Most applications embedding their own account management but also offering ability to rely on LDAP are expecting or at least promoting use of "LDAP administrator" account in order to be able to manage, via their own interface, accounts in LDAP too. This is potentially risky and unless you understand the very detail of what is done, I would suggest to use account with "LDAP read only" access rights.
Starting with Zentyal 3.0, such account exists. Pity is that Zentyal GUI does not expose it. You will have to use LDAP browser or CLI to get it, including its password. But this is worth the effort 

This aside, I'm not using FreeNAS anymore (using OMV now) and did not remember that FreeNAS Zentyal interface was asking for "password" and "machine" baseDN. This is funny as it looks like NIS related settings 

[richie1985]

i tried this, i can set the ldap settings in freenas and i see the user and groups in freenas, but i cant access it

[daniellench]

This is to close the topic.

I have given up, no revision of freenas could reliably maintain the connection to zentyal.

I am no longer using Zentyal since the 3.0 and samba 4 release, it is too much for my company, and I feel the project has moved to far away from it's beginning.

I am running SME and Synology, the LDAP setup took me 10 minutes to complete and the damn thing is pretty much bulletproof.

If anyone wants a dropbox replacement for enterprise or personal use on your own server contact me through nofolder.com

Thanks for all you've done ebox team.

dan

[christian]

Sure Zentyal, at least for the time being, is not the most suitable platform to run as an open LDAP server. It is rather focusing at servicing Zentyal components that are more and more organized around Samba as corner stone.